API tools faq
paste
Advertisement
saleks28

Untitled

saleks28
Sep 13th, 2020
315
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
JavaScript 2.35 KB | None | 0 0
raw download clone embed print report
  1. setTimeout(function(){
  2.     Java.perform(function (){
  3.      console.log("");
  4.      console.log("[.] Cert Pinning Bypass/Re-Pinning");
  5. var CertificateFactory = Java.use("java.security.cert.CertificateFactory");
  6.      var FileInputStream = Java.use("java.io.FileInputStream");
  7.      var BufferedInputStream = Java.use("java.io.BufferedInputStream");
  8.      var X509Certificate = Java.use("java.security.cert.X509Certificate");
  9.      var KeyStore = Java.use("java.security.KeyStore");
  10.      var TrustManagerFactory = Java.use("javax.net.ssl.TrustManagerFactory");
  11.      var SSLContext = Java.use("javax.net.ssl.SSLContext");
  12. // Load CAs from an InputStream
  13.      console.log("[+] Loading our CA...")
  14.      var cf = CertificateFactory.getInstance("X.509");
  15.      
  16.      try {
  17.       var fileInputStream = FileInputStream.$new("/data/local/tmp/cert-der.crt");
  18.      }
  19.      catch(err) {
  20.       console.log("[o] " + err);
  21.      }
  22.      
  23.      var bufferedInputStream = BufferedInputStream.$new(fileInputStream);
  24.      var ca = cf.generateCertificate(bufferedInputStream);
  25.      bufferedInputStream.close();
  26.      var certInfo = Java.cast(ca, X509Certificate);
  27.      console.log("[o] Our CA Info: " + certInfo.getSubjectDN());
  28.      console.log("[+] Creating a KeyStore for our CA...");
  29.      var keyStoreType = KeyStore.getDefaultType();
  30.      var keyStore = KeyStore.getInstance(keyStoreType);
  31.      keyStore.load(null, null);
  32.      keyStore.setCertificateEntry("ca", ca);
  33.      console.log("[+] Creating a TrustManager that trusts the CA in our KeyStore...");
  34.      var tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
  35.      var tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
  36.      tmf.init(keyStore);
  37.      console.log("[+] Our TrustManager is ready...");
  38.      console.log("[+] Hijacking SSLContext methods now...")
  39.      console.log("[-] Waiting for the app to invoke SSLContext.init()...")
  40.      SSLContext.init.overload("[Ljavax.net.ssl.KeyManager;", "[Ljavax.net.ssl.TrustManager;", "java.security.SecureRandom").implementation = function(a,b,c) {
  41.      console.log("[o] App invoked javax.net.ssl.SSLContext.init...");
  42.      SSLContext.init.overload("[Ljavax.net.ssl.KeyManager;", "[Ljavax.net.ssl.TrustManager;", "java.security.SecureRandom").call(this, a, tmf.getTrustManagers(), c);
  43.      console.log("[+] SSLContext initialized with our custom TrustManager!");
  44.      }
  45.     });
  46. },0);
  47.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!